> If you are using SSL then why even bother hashing the password?
The one reason I can think of hashing a password even if you have SSL is
because then the password stored on the server must also be hashed to be
useful. It is better to *not* store passwrods on the server in plain
text, since if your server is compromised the passwords aren't useful.
However, if that's the point, then you can probably get by with sending
the password in clear text (over SSL, so it's unsniffable) and hash it
on the server.
--
Richard Seymour : Anarchy Software, Inc.
- * - - * - - - * -+- * - - - * - - * -
`°º¤ø,¸ ¸,ø¤º°'
`°º¤ø,¸¸,ø¤º°
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
- To admin Chidambaram Bhasi Danus
- RE: Encrypting password GOMEZ Henri
- RE: Encrypting password DONNIE HALE
- RE: Encrypting password Joe Laffey
- RE: Encrypting password Samson, Lyndon [IT]
- RE: Encrypting password GOMEZ Henri
- Re: Encrypting password Sam Newman
- RE: Encrypting password Alistair Hopkins
- Re: Encrypting password Sam Newman
- RE: Encrypting password Joe Laffey
- Re: Encrypting password Richard Seymour
- Re: Encrypting password Sam Newman
- Re: Encrypting password Francisco M. Marzoa Alonso
- Re: Encrypting password Joe Laffey
- Iplanet + Tomcat Again Andrzej Przewiezlikowski
- Re: Encrypting password Rob Tanner
- RE: Encrypting password Rob Tanner
- Re: Encrypting password Sam Newman
- Re: Encrypting password Shailendra
- Re: Encrypting password Sam Newman
- Re: Encrypting password romain
